Slashdot Mirror
DDoS Attacks Traced to UCSB, Stanford
michael.creasy writes, "BBC Online reports that the DDoS attacks have been traced to California." The article says there is no evidence that employees or students at Stanford or the University of California at Santa Barbara [UCSB] were connected with the attacks - they were just "zombie" sites - but that the FBI is now zeroing in on California and Oregon as the region from which the attacks most likely originated.
You are wrong. These attacks were coming from various IP addresses (many spoofed) and were a mix of syn floods and ICMP. Rate limiting and router dropping isn't going to do anything when they take down your entire link.
The only thing you can do to stop this is setup spoofed packet filters at every gateway/router connected to the internet and then easily track down the sources because we can't spoof out of a certain range anymore.
The problem? It would cost tons of money and lots of time.
What you mention in that previous post is completely invalid, especially when the attack is so massive and when it is randomly spoofed. About the only thing large ISP's can do now is block certain IANA reserved and local ranges so that they can block maybe 1/4 of all randomly spoofed packets.
Stanford is one of the top CS schools around, they oughta know better.
Well, I'm at Stanford, and I can tell you that the univeristy sysadmins and CS people don't run all the systems in campus. In fact, there's many people running insecure linux systems in their offices/rooms which Stanford does not administer.
---
One thing I haven't seen in any news stories or most of the commentaries posted is what specific hosts and operating systems are being compromised. There was the withdrawn story to Computer Currents yesterday which claimed only Linux and Solaris were involved. I find this hard to believe. I've heard anectdotal evidence that Windows machines are the most frequently compromised hosts, via viruses.
If the truth is lurking somewhere in earshot, could it please make itself heard?
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
The idea of an RBL type system is something I've thought of independently. It seems attractive. Like the UDP and real RBL, it could be a loose affiliation, decentralized, and advisory in nature. No need to bring the government in -- little that it could likely do anyway.
Realistically, what would be required is for a given network gateway to monitor its peer and child connections. Portscanning might not be necessary, depending on the signatures of an attack. A particular peer/child which exhibited behavior indicative of compromised host(s) could be blocked off, with appropriate messages sent to administrative contacts.
At the ISP level, this would include monitoring both individual dialup/fixed IP hosts, and connections to other IP aggregators. A sufficient level of filtering/blocking would act like a circuit breaker -- portions of the net might be slowed or cut off, but global abuses of the sort experienced in the past few weeks would be avoided.
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
Even if they will find someone, no one will believe them that they got the right people (=> bad publicity for FBI), and no one who would want to repeat this attack would be stopped by that. They can't lock in the cell the knowledge about bugs and DoS tools -- it's already everywhere, and if it wasn't, it could be easily found again, so why waste the money, time and effort on finding some (bad) people if it can be spent by making things invulnerable to them?
Contrary to the popular belief, there indeed is no God.
Why would it be really silly to decrypt it first? Decrpyting it allows it to be distributed to anyone on any media that you choose. It allows it to be used in players that don't respect Region Enconding. Lastly, it allows you to compress it into another format with near perfect results.
Because no other existing media can store this amount of information without either being extremely expensive (hard drives) or slow (tapes), and?
With an encrypted DVD, your limited to making byte for byte copies to another DVD that only play in MPAA blessed DVD players.
For the purpose of piracy it makes no sense because buyers have the same DVDCCA-blessed players -- and copying data for playing on other devices by legal owner of the copy is legitimate use under existing copyright law -- as legitimate as playing it.
Contrary to the popular belief, there indeed is no God.
Seems amazing that anyone at UCSB would have the brain power to do any hacking at all. They must have really cleaned up IV. The cost of living has risen so much you pretty much have to be a celebrity to go there anymore. Inflation? We're not having any inflation.
a) The attackers aren't 100% stupid,
b) That it'd be 100% stupid to launch an attack from a computer you're associated with, on paper,
c) Therefore, the attackers aren't likely to be in Oregon or California.
Where does that leave us? Well, 99.999% of the planet. Though I think we can rule out the oceans. (Not completely, as Navy ships have Internet access, and nobody's entirely certain what dolphins have been up to, given that the US won't sign any environmental acts to protect their food and migratory routes.)
Who are the list of suspects, oh Great and Wonderful Sherlock Holmes, Solver of a Thousand Cases, and Drinker of a Thousand More?
Well, Watson, this leaves the whole of China, Russia, Serbia, Chechnya, Greece, Iraq, Iran, France, Germany, Denmark, Cuba, virtually the entire European Union, every University on the planet, every dissatisfied citizen of the US, every bored cracker on the planet, the Luddite movement, the Internet 2 consortium, the DVD consortium, the RIAA, the MPAA, Microsoft, every company developing anti-DDOS tools, any newspaper in need of better circulation, the US Government (including the FBI), and a pack of crazed ferrits.
My goodness, Mr Holmes! How are the authorities going to work out who did it?
Elementary, my dear Watson! They're going to keep arresting people, without bail or charge, until the attacks stop. And then, so as to not look bad, they'll charge all the innocent people with something else, such as wasting police time and occupying cells without a permit.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Um I think you carried the analogy pretty poorly. To try and use your analogy:
Some immigrants (e-commerce sitse) moved onto an island by the thousands and set up houses. The natives of the island don't like it, so they've set up baracades in front of a couple of the biggest houses.
Of course the people involved haven't given any manifesto or anything so this is still speculation. My guess is that they're bothering the big e-commerce sites simply because they're the big e-commerce sites, not because they're trying to prove something about security (such as leaving your door open). And they're certainly not lighting their houses on fire and/or nuking them. If they were to stop right now, things would carry on as if it had never happened (with the exception of the media reports).
I guess you missed that part.
DeCSS decrypts the movie (obviously), which can allow you to save it on a local file, and distribute it to anyone you'd like. That's the whole basis for the DeCSS trial. No one cares that it was created so people who own DVD Movies can watch it on their computer. They care that it could be used to help pirate movies.
hnn says that there seems to have been an attack on excite this mornning.
For anarchists, they're pretty cool. They're just entirely too predictable.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Why do people keep trying to implicate Microsoft and China in everything? It's really stupid.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
If you're referring to Kip, I think the best evidence shows he was completely off his fscking nut. Not that that makes him a non-problem.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Fickle, aren't we.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
My suspicion is that anyone who knew enough about a *nix to crack it would suddenly be overqualified to work at Microsoft and go get a real job.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Hizb'ollah
Russia
The Republican Party
Iran
Serbia
O.P.E.C.
North Korea
Network Solutions Inc.
Greece
France
The International Action Center
The Mousad
Iraq
Pakistan
India
Christmas Island
The WTO
The Democratic Party
Cuba
Guatemala
The Toronto Bluejays
Ayn Rand
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
"There wasn't a great effort to hide their presence.."
Which could mean that they were sloppy, or that they perhaps forged some logs for the FBI to find, knowing that the media would eat it up with a spoon. No way to tell at this point.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
True, but a protest without a message is really just mass loitering.
If they were trying to protest, they should have at least suggested what they were protesting against.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
And FYI, Taiwan isn't really a country.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Naw, I don't necessarily thing that fooling with the video is necessarily illegal. For instance, on my Mac, the ATI DVD decoder card sends output to the screen, but should you try to do a screen capture or whatnot you'd find that all the computer is aware of is a green region where the card inserts the video.
You're telling me that kludging together a system where I could watch a DVD on a screen not directly hooked up to that card (e.g. if I have multiple screens) would be illegal? Why? What's the difference?
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
Bring on the conspiracy theories :-)
Seriously though, anybody know what's up with www.eff.org?
--
Fuck the system? Nah, you might catch something.
It will be interesting if this happens again, say 5 days before Xmas.
kabloie
Where is the trollflood originating from? AOL??
You know, the anarchists, no really they're anarchists, who started the WTO riots are based in Oregon.
It would be interesting to see if they are the ones getting the FBI's attention. If they did it, then they have to be one of the coolest anarchist groups I've ever seen in the US. Then again, if they didn't, the FBI may use it as an opportunity to get the people they couldn't after the WTO riot.
be seeing you,
doc
Hehe, we know yas done it ya dirty rat, now come out wit yer hands up or we'll perforate yas!
Hokey statistics and ancient misconceptions are no match for a good thought in your head, kid!
We find the people responsible for this particular attack, so what?
The problem is in the architecture of the Internet. The FBI will say that they need more access to snoop on traffic, but what if the FBI gets cracked? (or heaven forbid, the US government turns out to be untrustworthy).
Strong authentication all along the data path is what we really need. That won't stop the attacks but it will help point the finger of blame and that can be an excellent incentive to strengthen an organizations security practices. Just imagine if UCSB and Stanford got blacklisted by their upstream provider until they could prove that they had fixed their security problems.
It's not the attackers' fault that 99.9% of the organizations on the Internet don't take security seriously. There's a problem with the system people and it needs fixin'.
EOF
It's the FBI's job to hunt these guys down (maybe, do they have jurisdiction if the attack is launched from another country?) But the media has fixated on the cops and robbers aspect of this story.
If we don't solve the underlying problem this will just keep happening and we'll all be dependent on the FBI to come and save our e-commerce asses.
If you build your house on a cliff made of silt, it is your fault if it slides into the ocean.
DDoS attacks are just one kind of the "forces of nature" you get on the Internet.
Maybe an individual is ultimately responsible for this attack but catching him won't make anyone significantly safer.
EOF
I am a UCSB student.
In my opinion, the administrator responsible for this security breach on a University owned machine, should apologize not only to the businesses attacked, but also to the University and its students for making us all look like helpless newbies. If this person is unable or unwilling to installed pre made patches on the University owned machines on University's network, he might not be the best one for the job.
I also blame the IT suits, whose unwillingness to let select students take part in the network administration and maintenance, partially caused this very embarrassing situation. Thanks for thinking that it's better to hire incompetent, and/or lazy systems admins, than to let the students who use these machines the most take care of them.
And Kevin Schmidt, the great hero, who enjoys sniffing traffic and scanning student computers a bit too much, however unethical that is, claims that hackers were untrained.
They might be script kiddies, but they broke into University computers twice, and probably filled at least 100 Mbits/sec of our OC15 backbone for hours before they got stopped. Maybe you system administrators are untrained?
This whole thing makes _ME_ look bad too, and yes, I am pissed.
The attack did not come from a student computer on UCSB Residential Network as far as I know. From what I've heard it was one of the UNIX boxes (either Solaris or HP/UX) in ECI lab. NFS was compromised.
NT
You are absolutely clueless. UCSB is connected to the CalRen2 network by the fastest available connection in the whole area. From anywhere on University network you can get >1Mbyte/sec transfer speeds.
If you are talking about Residental Network (ResNet), you can blame school for providing only 10 Mbits/sec connection to bunch of porn downloaders for free. I am on the Resnet, and if it too slow for you feel free to get a Cable modem or DSL.
Please do research before you post next time.
... is why the fuck they are even doing this? It isn't for political reasons, it isn't for money, it isn't for fun. Packeting popular websites is worthless. I sometimes wonder why people do the things they do. Go out and get high or something, stop being a bunch of dumb fucks and do something productive.
</rant>
Since no OS (even OpenBSD, as good as they are) is completely impervious to attack, your liability-based solution means everyone on the net has to buy hefty insurance, and the trial lawyers take 1/3 of the cash for every damage award. Sorry, it's the wrong approach.
And what about the Linux newbie with a DSL line and a static IP address? He downloads a distro and pushes the buttons, but the default is an insecure system. Who's liable? The distributor? (You can try to exempt the distributor and say that the newbie is responsible, but no jury's going to buy that -- and the law has to treat Microsoft and Linux vendors equally).
OK, Red Hat can afford it. But Debian has to disband. You've just killed them. The developers can work very hard to be sure they're secure, but can they bet their life savings on it?
There is one thing that should be mandated, possibly by agreement but if that fails, by law. If you operate an ISP and you and your customers are assigned a given segment of IP space, it's trivial to configure your routers so that packets that lie about where they came from (giving a source IP address not in your IP space) can't escape to the rest of the net. It's negligence not to do this. You can make the filtering even tighter, by filtering packets coming from customers (except where there are peering agreements or other arrangements) so they can't spoof the other customers. This kind of filtering is probably going to have to be a legal requirement (or a contractual requirement imposed by the backbone folks on their customers).
actually, you might want to take a closer look at the injunction. EVEN if the only purpose of DeCSS was to watch movies under Linux (this is a paraphrase of part of the injunction) it is still illegal becasue it circumvents barriers to access, which is illegal under the DMCA.
pity, ain't it?
Lea
I highly doubt an intelligent person or persons would attack from a local area. Who is to say this attack didn't start from say China. However, who says it wasn't script kiddies that did it.
.edu hosts.
If I were in China and I wanted to hose some US sites...
1. Break into serveral US
2. Route like hell from nation to nation.
3. Log into the slowest speed school.
4. Log into the next highest speed.
5. Reapeat until all shells are open.
6. DDoS
It would be very hard to trace someone going through 3+ nations with 5+ levels of subnet changes per nation. In fact I'd say you couldn't without breaking the laws yourself. ( Not all nations would give info, or care about X attack. )
Just my US coin dollar...
I remember NSA asking for more funds recently. Who knows they could've done it, lol. The point is someone had a motive, but until the motive is knowm we can't really know who it is... unless we trace and trace and read log after log.
Unfortunately, we may never know for sure... I want to know, so I hope they trace and read over the logs. However, there is still a chance the last link in the chain was a setup. =/
"Yea, but the loss from doing all that back/forth wouldn't allow you to get the rates that these guys were moving at..."
That's incorrect. You'd be attaching *from the remote machines, not from yours *via the machines. This is a common misconception about networking + shells/X. You can run code remotely on say machine A and have output on B, put simply...
I hope you see how this works in the large now, AC.
Inconceivable!
I work at UC Santa Barbara. For are you little orangutans out there saying the FBI is wasting its time trolling around here at UCSB, well go read the news a little more carefully. The intruder did a sloppy job and didn't clean up on his way out; therefore there may be information worth investigating.
Kevin's qouted in the CNN article:
"Schmidt said the intruder was 'sloppy' in his work and failed to destroy all the logs monitoring activity on the server. "There wasn't a great effort to hide their presence.."
Scroll down to the part that says "Method of attack at UCSB."
It was really odd to see cameras and suits out and about though.
And it would be a really dumb platform to use too when there a bazillion NT machines hooked to the 'Net 24/7.
My guess is that somebody has figured out that you can even attach a few bytes to a Ping packet,
like a note to a carrier pigeon's leg (holding the 'victim' IP address and the date and time of the attack.) They even have Ping on Windows NT.
Actually Ping would be the perfect program to infect. Its a system service so its always running. It has fast response to an incoming stream coming it on it has it sown socket and the machine is definitely hooked up to a network.
If Ping can get a response to a ping of the 'victim,' it can participate in the attack. If not, it just waits for the next "carrier pigeon" ping.
At the appointed date and time Ping it the ideal weapon to unleash a small stream of packets to the network.
Ten thousand small streams from ten thousand sources makes for a flood on the 'victim' address.
It doesn't even have to be spread by virus. It could have been done years ago by someone on the inside at Microsoft. As long as the code doers what its supposed to, nobody in QA ever seems to check what _else_ it can do. (There's a made-for-TV movie plot in there somewhere.)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Less then a t1 actually. My cable modem off campus is infinately faster then the dorms was
"However," replied the universe, "The fact has not created in me A sense of obligation."
You could just play into a video capture card. All DeCSS does is allow you to circumvent an (arguably) illegal practice, ie. region codes.
Really, and what can DeCSS do that is illegal?
Finkployd
I've seen DVDs copied. It would be really silly to decrypt it first. That would be like reading a text file off the screen, writing it to a piece of paper, then firing up vi and writing it to a new file on a floppy. It would be a little easier to copy it.
Why not ban pens? Who cared what they were made for, they can be used to copy books for sale on the black market.
The judge and MPAA people are wrong, just as you are.
Finkployd
Finkployd
Lastly, just because there are other ways to thwart their copy protection doesn't mean that one method should be legal.
Then why aren't my VCR, tape player, and CD burner considered illegal? There is nothing illegal about breaking copy protection for your own use. That has been proven time and again in fair use trials. Who's to say I can't make a perfect copy of my own disk if I know how. The illegal thing would be to sell them, and THAT should be punished.
If we banned every item and program that COULD be used for some illegal purpose, we would have NOTHING.
Finkployd
Just my $2x10^-2 worth
-KS
Fortunately our network admin was logged into the server at the time, so he watched the situation before pulling the plug on the machine. We investigated the logs this morning. We determined that he was coming from New York through a jump from a California IP, so he could definitely be a part of what's been going down.
The account he created for himself was "TEK". Does anyone know of a cracker group that uses that name or initials?
Actually, the ucsb admin was doing some sluething, so the odds are if the hacker was sloppy, he's better moving on.
SB Newspress: http://news.newspress.com/toplocal/computer.htm
And of course the unposted, slashdot brings ucsb network to it's knees
"The unusual activity from the campus computer was noticed by UCSB's network programmer, Kevin Schmidt, around midnight Tuesday after he conducted a routine check of the system from his home. He spent the night running a check to see if there had been an intrusion, and found that a campus computer was involved in what is called a "distributed denial of service" attack.
"We were a victim," Schmidt said. "And our computer network system was abused."
After detecting the problem, Schmidt contacted CNN and then the FBI.
Whoever broke into the system attempted to cover his tracks by rotating the origination addresses, but was "sloppy" and left some information intact. Still, computer experts said Friday that finding the culprit or culprits will be difficult because numerous layers of connections may be involved."
And of course the worthless press release:
HACKERS BREAK INTO UC SANTA BARBARA COMPUTERS; HIT CNN
The machine cracked was a research lab machine.
If it's stable, and running, most people don't like admins fucking with thier machines. The machine works, it runs the software needed, and it gets the job done. Let an admin screw with it. No way.
Would you let people fuck with your linux box?
Now that a machine on campus has been cracked, the poor admins will be saying, "we patch or you get no network connection", Before the crack, no admin had any weight to toss around. "Damn alarmist administrator" With the attack, the admins have a bit of weight to toss around for a month or two.
Like we don't have enough trouble with our child-killers that fake insanity, cops harassing our potheads when they should be out looking for murderers, the government trying to kill our assisted-suicide laws, our cabbies being killed for pocket change...
-- 100% MS-Free as of 4-4-1999, 11:47:38 PST. "The lapdance is always better when the stripper is cryin'" Free Kevin,
If pens were just now hitting the market, they wouldn't hesitate a moment to have them banned under DMCA.
Too many people already use pens, though, so attacking them at this point would go against the whole 'divide and conquer' approach.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
My thoughts exactly. I heard this news item on friggin radio two or three days ago.
Slashdot ain't what it used to be, thats for sure.
(Sorry, Rob. Its just my own observation.)
Bowie J. Poag
Project Manager, PROPAGANDA For Linux (http://propaganda.themes.org)
Bowie J. Poag
Talk about a complete lack of research-- these guys just made up something that sounded good. According to Kirk McKusick, current copyright holder of the BSD Daemon, the term 'daemon' comes directly from the mythological creatures of the same name responsible for taking care of mundane tasks.
For more detail, see Webster's dictionary, in this case we are looking at variant 2, "an attendant power or spirit". Whether daemons are evil as in "demon" variant 1 depends on whether they are working or not. Some days sendmail definately qualifies as the latter.
Eat more fiber.
(Ask a stupid question...)
Glückwünsche, haben Sie Slashdot ermordet, indem Sie zum korporativen Druck beugten und Subskriptionen einlei
Hmmmm....yes. Portscanning. Then place the results on a PUBLIC, NON-ENCRYPTED, high-profile Web site that port monkeys and script kiddies visit a lot (Slashdot sounds good :) and then allow the 1337 D00DZ HAVE AT EM!!!
:)
Yeah, let's do it!
My journal has hot
I was under an impression that spooks did this ;) They are the only ones who will profit from this (security companies as well).
There's no way that "script kiddies" did this.
This reminds me of the virii... who makes them? Anti virii companies of course =)
nick
--
GroundAndPound.com News and info for martial artists of all styles.
...the FBI is now zeroing in on California and Oregon as the region from which the attacks most likely originated
Only a couple of hours ago (around 10pm CET) CNN Text was featuring a story that said that the attacks were originating from Germany and were done by a program called "barbed wire" (yah, that's a translated term, I forgot the German).
Apparently everyone's pointing at something in such a hurry that no-one is really trying to figure out who *really* did it. Maybe the FBI should work a bit more coordinated both on their research and their press-releases.
In God We Trust, Others We Monitor
Is there anything wrong/funny about that? It is a much used rationalisation for the term daemon, though afaik the original reason for choosing the name is that it lurks, with the perpetrator of an act not knowing it is there. (ie, I drop something in the print spool, the daemon does its thing with it).
You obviously have not been in this business very long. All the major OS's have had expoits that comprimised them at one time or another - including Linux.
**** Sworn to Fun, Loyal to None. ****
Of course using DeCSS as part of the process of playing a movie that was sold and purchased for that purpose might not amount to "circumventing".
The article states, "A university spokesman confirmed that a flood of hacker messages had been sent to CNN's site via one of the servers at the campus."
To the hackers, wherever you are, whoever you are:
Please stop sending 'hacker messages' -- do it for the children.
Why would china want to exspose all of its shells by DoSing a couple of 'dot-com' companies for a few hours? If they were really interested in info-war, I'm sure they'd keep it secret, untill they could actualy use the advantage
[ c h a d o k e r e ]
ReadThe ReflectionEngine, a cyberpunk style n
>FBI is now zeroing in on California and Oregon as >the region from which the attacks most likely
;-)
> originated
If the FBI is going to be using logic like there is no chance of ever finding the packet monkeys.
The Internet is a global network. If I am going to launch an attack, I would just as soon use a university 1000 miles away, rather than the one down the street.
Ping times, not driving times.
If you can't figure out my address, just drop me an e-mail and I will explain.
It's a play on words from vaxen as a clutch of vaxes. Boxes is too sterile a term.
I'd be surprised if stanford and ucsb were the only computers involved. :^|
:^)
It sounds more like they were the only ones who noticed. That's a pretty important distinction, if you're going to blame the sysadmins for security holes... at least they turned in their machines and whatever logs still exist on them. Perhaps they (like exodus/global center) were running network monitoring tools to detect and respond to this kind of thing.
One example of these would be netscout, though they actually get their hardware from cisco.
Now _unfortunately_, these tools also make scanning for plaintext passwords over a WAN trivial so they should probably be banned as well, but that's just another problem for the fbi.
UCSB Local Press/Press release
by just someone on 04:15 PM February 12th, 2000 EST
(#49)
(just someone User Info)
"Actually, the ucsb admin was doing some sluething..."
check out his summary of an actually informative article:
SB Newspress: http://news.newspress.com/toplocal/computer.htm
hmmm, i guess it was overrated mr. moderator. But then again, you don't have much time to be creative when you're trying to get...
FIRST POST !!!!
hahahahahaha... relax, its Saturday, the snow is falling, and for some strange reason my head hurts.
+&x
Rdiculous moderation in action... A first post is marked redundant, while a four page AC post of a WWF sex fantasy is left untouched. Classic.
+&x
so does that point the finger back at the gov't again? No sorry, what was I thinking, a government agency lying for political gain, I must be on crack again. Thank god for the CIA!
(google's got the Valentines feeling, how sweet)
+&x
USAToday (dead tree) had quotes from our hero JohnV as well as quotes from /. and some AOL chatrooms. Looks like we're in good company....
+&x
Depends on what you mean by "has faulty brakes". Most vehicles don't leave the factory with faulty breaks, so if your particular car has faulty brakes and you could "prove" it in court, you'd also have to prove that they had just went out, otherwise you'd probably be looking at a reckless driving situation as well as a red light.
No DDoS attacks are not a kind of force of nature. A force of nature is something that happens on it's own, not something that is initiated by a person.
By the logic you used in the parent to this thread, it would be your fault if somebody was to shoot you dead, because "you could have been wearing a bullet proof vest."
Even though there are problems with the net, act of senseless stupidity are not to be excused because they can be done.
As someone else who was "there" when all this started, I can state the major problem with your theory: the NSF stopped funding the backbone. Sure you'd have the occasional techy running some kind of site across his isdn line or modem, but you would definitely not see the kind of bandwidth that exists today without all the ecommerce to fund it.
And so, Dear Reader, the trail eventually led up to a little backwoods town in Washington named Redmond, the last place anyone would have thought to look for an evil computer nerd trying to destroy the Internet...
This is true, but just because a very risk-averse person should have used far-off computers does not mean that this is the case. What is familiar and convenient often trumps what is rather more sensible, especially in the mind of someone who believes that he's already been so clever that he could never be caught in any case. And the Chinese army probably would've been a bit more subtle. Maybe.
Because accusing Microsoft of evil deeds is, when not accurate (indeed, especially when not realistic), just plain fun. It's like throwing tomatoes at Dan Quayle: it's not very nice, but you just can't help yourself. And accusing China of evil deeds, while often unlikely and usually barely plausible, functions as a warning that yes, there does exist a country which is often vaguely hostile to us that will, if not now then in the near future, have the ability to seriously (and possibly anonymously) screw us over, and upon whose goodwill the survival of the Internet (and possibly large chunks of the world economy) will depend. Of course, the Chinese government almost certainly looks on us as a serious threat to their computer networks, and are quite correct in doing so.
mb is megabits/second.
OC3 CalRen-2 Sounth (vbns), 155mb
ATM to UCnet, 155mb
DS3 to Irvine, 45mb
Maps from
www.vbns.net MSF high speed backbone
www.ucnet.net Univ. California backbone
Ryan Salsbury
Wow, this news is only like 2 days old and it is just hitting /.?
How about hitting http://www.hackernews.com for the latest, like info that the attack on Yahoo! was different than the others, suggesting a copycat. That was today's news (02 12 2000).
Yesterday they had info about messages within the packets themselves.
Maybe we will see that in a week or so here, but not holding breath.
Eve Fairbanks says I drive a hybrid!LOL
http://www.cert.org/current/current_activity.html# distributed
Eve Fairbanks says I drive a hybrid!LOL
Check this story out on Yahoo.
violator of the hacker ethic?
It's a site where no one ever wait()s on child processes, so they all eventually become zombies. ;-)
Heh. That was funny. "He's the DJ I'm the Hacker"
MS Office 97 comes with "Microsoft Camcorder" which will record the contents of your screen (and audio) to an AVI file.
So, according to you, Microsoft did something illegal? Microsoft would never... oh wait.
--------
"I already have all the latest software."
It's irritating to a real hacker when a bunch of wannabes that make him look bad get acknowledged as being a "hacker".
Put the following hackers in jail:
Alan Cox
Linus Torvalds
Miguel d'Icasa (sp?)
Eric Raymond
Richard Stallman
K&R
and anyone else in src/linux/MAINTAINERS, or who has posted to debian-devel-@lists.debian.org
They're all <b>admitted</b> hackers!
--------
"I already have all the latest software."
Hrm, you know, these crackers, they're just not that nice. They don't put their source IP address on the packets. So it really just looks like millions of ppl tried to connect to your site.
Sorry to spoil your idea, though.
So fake a video driver and capture it as the DVD player blits it to the screen. Voiala, a perfect digital copy. There's no Macrovision for computers. (This has been done).
It's not the attackers' fault that 99.9% of the organizations on the Internet don't take security seriously.
Give me a frickin' break. So I left my door unlocked. Does that give you the right to come in, douse my home with gasoline, light a match, hit the charred remains with a bulldozer, and nuke the remaining pile of ashes? I think not.
I am shocked that this has happened at UCSB - I'm a UCSB alumni working in town and have worked with Kevin Schmidt while attending UCSB.
The guy is an animal when it comes to his job and this just goes to show that it could happen _anywhere_. He's actually overqualified for his job and should look for 6 figures in the private industry. To those that say Stanford should be above this kind of attack because it's Stanford - a school's ranking has nothing to do with it's vulnrability. The people in charge of the computer infrastructure are lightly connected to the universities rating. Anyone who is qualified to do a good job at IT wouldn't take the low salary from a university anyways.
Oh yea, and as far as you looking bad. You're a CS student at UCSB, how pathetic. UCSB will let anyone in with a pulse. The staff is underpaid, the faculty underqualified, and the undergrad students are horrible and can hardly be taken seriously at a job interview. About letting students assist in IT - there's too much to risk as in this isolated DoS incident is nothing compared to an IT undergrad intern that just let his computer genious best friend reconfigure the router. If you knew Kevin Schmidt then you would know that this is the result of being overworked however the gov't is always understaffed. Now I'm not proud of getting a degree from UCSB but who's to say you need a sparkling degree anyways - 1 year after graduating I bought a new black boxster S. Shit, look hard in IV and you'll see me drive by fabio.
(sorry for the flame but you do sound like a geeky san nic dorm resident that spends too much time on resnet and doesn't get any, while the other 10,000 chicks at ucsb are out partying every weekend.)
-B
At any place, at any time, you can be busted for something. They prefer it that way--possession of burglary tools (like a long screwdriver), loitering with intent (meeting up with a friend to go to a movie), vagrancy (sitting on a bench with less than $20 on you), conspiracy to commit income tax evasion (sitting on a bench with more than $1000 on you), conspiracy to possess a controlled substance (asking an undercover police officer what time it is and if he knows if a nearby restaurant has fast service), conspiracy to transport a controlled substance (trying to get off the plane ahead of the other passengers, trying to get off the plane after the other passengers, or getting off the plane in the thick of the other passengers).
As for whether the UCSBees in question are liable, well, that depends on whether they can afford a better lawyer than whoever's suing them, doesn't it.
Cheers.
--
This is not my sandwich.
Moderator points come in sets of five, not magic moderation rings with an infinite number of wishes. (Unlike the ability of trolls to post.)
Some moderators try to use them mainly for moderating interesting stuff UP, rather than moderating trolls down. If they burn them all on the latter, they don't get to call your attention to important stuff.
Later comments are seen by fewer moderators, and thus less likely to be dinged.
Moderation is done by readers of the already-posted items - not by a hypothetical staff approving or disapproving of postings before they're made. So items following-up an item already moderated down are less likely to be looked at and disapproved, even if the moderator is willing to waste his points on the Nth followup on an off-topic thread.
And moderators can't moderate responses to articles where they've already posted a response. (I, for instance, currently have three moderator points left, and am blowing my ability to use them anywhere in this article by posting this reply.)
So don't look for consistency in moderation. Be greatful you get any benefit from it at all.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Strong authentication all along the data path is what we really need. That won't stop the attacks but it will help point the finger of blame and that can be an excellent incentive to strengthen an organizations security practices.
But strong authentication comes from strong crypto. And strong crypto in the US has been crippled by the US Government's export controls, which remove most of the financial reward for work on it by US programmers. (They can't export their products, so such products can't become a world standard, so they can't become a US standard, so they can't be sold. So the programmers find something else to do, where they CAN make some money.)
And who are the biggest lobbiests against removing those export controls?
The FBI and the NSA.
And why did they want the controls to remain?
So they can read everybody's wiretapped communications (NSA, FBI) and confiscated or copied disks (FBI, NSA).
And maybe so they can install their OWN intrusionware, so they can read it when the traffic hasn't been in the US (NSA, FBI drug warriors) or without having to sieze the computers and tip off those observed (FBI, NSA).
And maybe so they can plant things, disrupt targeted organizations' operations, or play damaging and often fatal "dirty tricks" on those they don't like (as both the FBI and the spook agencies are known to have done in every decade since their inception).
So now their interference with crypto has come home to roost - by leaving the US information infrastructure open to attack, until a large scale attack is under weigh.
Don't they both have charters that say they're supposed to work toward preventing that sort of thing?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Granted what they pulled off was quite impressive, is it really "hacking" in the true sense of the word?
Loath as I am to give psychopaths any reenforcement...
The trinoo/TFN/stacheldraht tools do show there's some talent under a couple of the black hats.
Some coboys ARE cattle rustlers. Some sailors ARE pirates. And some hackers ARE crackers and/or vandals.
Talent and psychopathy aren't well correlated, so there are a small number of people who have both. About one in a hundred is a psychopath, and that applies to hackers as well as every other group. Some fraction of psychopaths don't learn enlightened self-interest, and so remain amoral and prone to doing great damage to others to obtain minor, short-term benefits to themselves.
Of course, once the tools {and their install tools} are written, it doesn't take brains to install and use them. Just access to the tools and a lack of morals.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
**you** are responsble for what your computer does
Can't handle that? Then get your machine off of the net. This is no different than your kid or one of his friends finding your gun, unsecured laying loose in a drawer, and using it to blow someone away.
It might be argued that having a bulldozer with a lock that can be picked with a hairpin makes you partly to blame when somebody steals it and uses it to knock down a department store. But if you accept that argument...
Who is at fault for the loose security on the bulldozer when all the bulldozers come from each of the handfull of bulldozer factories with such locks, all identical? Must every customer install his own lock? Must every customer become a better locksmith than the experts working at the factories? Shouldn't there at least be something in the manual telling the customers that they need to change the lock?
And who is at fault for the loose security on the bulldozer when the government bans locks that can't be picked with a hairpin?
Let's stick to putting the blame where it belongs: on the criminal.
And let's stick to solving the problem at its sources, which include the government's ban on strong cryptography.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I'd expect that China would hold off on actual use of its intrusionware until it could use it as part of a coordinated effort.
Shooting at someone makes them tend to put on body armor. Making a series of attacks with intrusionware puts a lot of experts to work rendering that particular style of intrusionware unworkable - and making future intrusionware more difficult to write.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
So, some person (hacker(TM)) caused denial-of-service(TM) to a few sites during the past week. These kind of things happen all the time. It just so happens that the majority of these sites were large E-Commerce(TM) "businesses". Now we have the President(TM) of the U.S(TM) making statements regarding these "attacks", and every news program on television has the same story about how some hacker shut down yahoo.com, cnn.com, buy.com, etc, and how they cost companies millions of dollars, blah blah. Then they go on telling about President Clinon's new Anti-Hack plan. How come the media only uses the term "Hacker" when something "bad", computer-related, happens? The media really does have an effect on people. A few days ago in school, people were asking me if I was the one who hacked Yahoo. What better way to generate support for Clinton's new plan?
Let's say that I want to post a bunch of MP3s which are quite clearly copyrighted songs, and I don't want to get caught, and in particular I don't want to get sued. I could take over some poorly secured machine, use that to take over another poorly secured machine, erase all traces of having broken into the first machine (logs, etc, including whatever software I installed to break into the second machine), and put my MP3s onto the second machine. I could then advertise the second machine on Napster or whatever, and when someone comes after that machine's owner, they'll look at their logs and such and realize that they were compromised from the fist machine I broke into. The owner of the first machine will have no way to show that they were broken into in the first place, and they stand the best chance of taking the blame. The odds of the attack being traced back to me are close to nil. (Something similar happened to me after I first set up my home machine. I hadn't gotten around to securing it more than minimally (setting a good root password), but I had taken the precaution of putting my logs on write-only media. Someone broke in and dropped in a bunch of MP3s, and I never was able to trace it back, because the site I was attacked from had no logs left to check.)
-- Two men say they're Jesus. One of them must be wrong. - Dire Straits
I go to UCSB, and basically what happened is someone missed a security update on one of the lab computers. The person who got into the computer was "sloppy", but that doesn't mean that they're easily caught - if they were island hoping, they wouldn't have needed to be so careful, as it would be harder to trace it back to them.
-----
-----
"A man is judged by his every word." -RW Emerson
"They misunderestimated me." -GW Bush
Even more disgusting was hearing the TV news quoting antionline as to where the crackers are located .... :-( I guess some people are making money from this
Even more obvious:
Perhaps they're looking for EVIDENCE on the cracked machines? Like log files and anything else that lets 'em trace backwards?
Cops working a homicide don't just give up if the murderer ain't there. They start tracking down witnesses and other leads...
Only the dead have seen the end of war.
It's time to change the mind-set about these attacks. The attacks
wouldn't be possible without plentiful insecure machines to use as
zombies. The organizations which are failing to use good security
practices on their machines are a significant part of the problem, not
innocent victims. Perhaps there should be some sort of penalty for
lax security which allows your machine to be used in a DDOS attack.
This might be a way to get security to be taken more seriously.
I don't think that they're looking for the actual packet monkeys in California/Oregon, but evidence that will lead them to the real location. By analyzing the logs of the machines used in the attacks they can help narrow down the location of the perps.
However, I doubt they'll have much luck. As has been said, while the machines that were compromised no doubt hold clues to the origin of the attacks, the people involved probably did a good job of covering their tracks. I somehow doubt they just telnetted in from their houses and executed the attacks. Nevertheless, closing in on a point where we know there's been a break-in is simply the best way to start.
I do blame the media for propagating the idea that the perps are in the California/Oregon area, though. This case has shoown just how difficult it is to describe the real way the Internet works to the average person on the street.
SpamMan
Zombie sites are, unless I'm mistaken (which I may well be), boxes that were cracked by the people launching the DDoS attacks. The cracked boxes (the "zombies") are then used to launch the DoS attacks or used to relay to other boxes and further obscure the path to the crackers.
Given the amount of money I lose in taxes, I would hope the FBI is competent enough that going to California is merely an opportunity for them to get firsthand logging information off the boxes which were comprimised. I would hope that, as has been suggested, the slant the media has given to their "hot-on-the-tail" hunt of the perpetrators to that area is your typical media hype and misunderstanding. I would hope that there really isn't some gung ho, clueless investigative director running around with a bunch of unmarked cars hoping to catch those 'dangerous felons' sneaking out of California computer labs under cover of darkness. Probably all these hopes would be futile, though. Oh well... at least my tax money pays for good healthcare too... oh, wait. It doesn't... nevermind...
what are they doing to trace the perpetrators?
traffic logs? suspicious daemons?
my question is: what if there wasn't a master host sending out a "go" command to all the slave clients? what if somebody compromised 100+ hosts several months ago and installed daemons that can self-activiate and autonomously coordinate with each other? assuming the attackers left no traces at the compromised hosts, is there anyway they can be traced? I understand that this is not a valid assumption. but what if the attackers carefully picked hosts on networks that were obviously poorly adminstered and secured? (ie. you should pick an insignificant 486PC hidden in some corner of a library rather than some E450 that serves 1000+ students. I have walked into a arts dept. computer lab before. I doubt that anyone would notice if I installed trojans there.)
How 'bout if the GOVERNMENT goes around port-scanning the machines in the net for exploitable holes, and then requires that those people take their machines off the net until they've got the holes fixed up?
(I know, I know, it would piss off a lot of people, who would complain about government interference - it would be an odd sort of backlash though: "The government wouldn't let me keep my system insecure!")
Maybe you could do something like the RBL system, where you have people cooperatively portscanning the net, reporting machines that they find "open", then trying to get the owners to fix them up (providing advice where necessary), but RBLing them if they don't cooperate?
An Article on news.com -"Spurred by this week's widespread Web attack, President Clinton has rounded up experts, government officials and high-tech business leaders for an emergency Web security summit."
Of course, these attacks are useless, and serve as much purpose as banging your head against the wall. I'm not going to get into why people do these useless types of attacks, but it is in one way or another to get attention, or recieve recognition. Either way, whoevers doing this is could screw the rest of us over. Maybe the president, in his ultimate wisdom, along with his other attempts to gain political favor before he leaves the white house, will propose to instate IPv6. People who hear about these attacks on the news think that Yahoo (et al) were really hacked, and due to this the general public might approve. Well, these lame DoS kiddies would have really fscked us over(that is depending on your view of IPv6).
Fnar fnar.
threadeds blog
Why should a motive be necessary? Some people go out with spray cans and tag everything that'll accept paint (and somethings that won't).
threadeds blog
So fake a video driver and capture it as the DVD player blits it to the screen. Voiala, a perfect digital copy. There's no Macrovision for computers. (This has been done).
This could be construed as illegal to since its primary (only) purpose is to thwart copy protection. Also, you'd need a huge amount of storage to store the uncompressed stream, and it might be hard to know exactly when to capture the image. In addition, the quality would not be as good as the original once you recompress it down to a more manageable size. DeCSS has none of these problems. Lastly, just because there are other ways to thwart their copy protection doesn't mean that one method should be legal.
Sig goes here
Woops: illegal to since
Should be: illegal too, since
Also, now that I think about it, there might be some legitimate reasons why you'd want to capture the output of a screen using the method you described, so it probably wouldn't be deemed illegal. I still think it would be hard to stay in sync with the frame rate of the DVD, and this method is certainly not as clean and desirable as using DeCSS while copying the raw MPEG stream.
Sig goes here
A News.com article says that the FBI is now looking for a German programmer named, "Mixter" who allegedly wrote the programs that were used in the DoS attacks.
He vehemently denies any involvement with these incidents and does not condone people using his tools for such nefarious purposes. The article goes on to say, "Their[people who write these kind of tools] work is controversial, however, because the programs they write can fall into the wrong hands when posted on the Web." This brings up an interesting point. Since these tools have been written everybody needs to assume that they are already in the wrong hands, and anyone responsible for the security of their networks should be pounding themselves with DoS attempts using these tools, so that they can learn how to protect themselves.
Sig goes here
I've seen DVDs copied. It would be really silly to decrypt it first. That would be like reading a text file off the screen, writing it to a piece of paper, then firing up vi and writing it to a new file on a floppy. It would be a little easier to copy it.
Why would it be really silly to decrypt it first? Decrpyting it allows it to be distributed to anyone on any media that you choose. It allows it to be used in players that don't respect Region Enconding. Lastly, it allows you to compress it into another format with near perfect results. With an encrypted DVD, your limited to making byte for byte copies to another DVD that only play in MPAA blessed DVD players.
Sig goes here
You could just play into a video capture card
But the video would have to be digital to analog converted and than analog to digital converted. This would result in a substantial loss in quality. The movie industry is only concerned about perfect digital copies of their work being freely available.
Sig goes here
The answer my friends, is simple. I don't know why the FBI is spending their time popping around Universities, the culprit can be reasoned out by anybody who's read the newspapers or one of those "techie" news "web sites" like "Slash Dot" or "Wired".
The hacker responsible for the DDoS attacks is obviously Kevin Mitnick, in conjunction with the bastards who made DeCSS.
You see, Kevin Mitnick has been released from prision recently, and as my mum always says, "Once a thief, always a thief." It's obvious that he got his hands on a computer and quickly put an assault on popular news sites as revenge for his unjust incrimination.
But what about the guy from Norway who made DeCSS? That's where this gets complicated. You see, Kevin needed an ally, somebody to watch his back and make sure the Feds didn't catch him. Who else but the lowlife creep who made DeCSS, depriving the innocent MPAA of millions in revenues?
This is an obvious consipiracy. I can't believe the FBI hasn't figured this out yet.
(ehrm, the above is complete bullshit, by the by.)
------------
"Okay, who taught the cat how to type ctrl alt delete?"
At least it has made people realise that a problem exists and hopefully encourage people to make thier systems more secure.
Don't know if it's related but the seti@home site has been down for a few hours.
Another attack ?
I hate to state the obvious here, but its quite stupid for the search to concentrate on California and Oregon, unless the searchers have some really conclusive evidence. If I were doing this kind of thing (and I don't like even contemplating it), I'd be as far away from my "zombies" as possible.
-RickHunter
--"We are gray. We stand between the candle and the star."
--Gray council, Babylon 5.
windows can crash my computer, but i don't *think* that's what it was intended for... does that mean it'll get banned too?
I am a little worried for the person(s) who pulled this off. They have a group of corporations now after their head for what was essentially "parking their truck in front of the doors of the store." And for how long? Two whole hours or so? How much prison time would a person get for that? How much do you think this person or persons will get?
This will be a lot like the DeCSS thing here Jhon Johanson has been jailed for not doing any damage. Kevin just got freed. Let us hope that the U.S. judicial system is picking up on what is really right and wrong really fast.
The only bad things to come out of this is what the government is going to do. The domains which experienced the denial of service attacks really were not damaged that much. I can find little else wrong. We all will now have a better eye on security and our bosses will give us more time and money to concentrate on such.
We needed a little kick in our complacency. It reminds me of a certain Star Trek episode.
Hmmm, sounds like the same basic story. Someone writes a program that CAN, but was not originaly intended to, be used to do something illegal. How long will it be before these programs have preliminary injunctions slapped against them?
The other thing that really chaps my ass about this whole subject is the fact that I hear Clinton is putting up some emergency internet security board on the subject. So Yahoo goes down for four hours and now the government is spending more money chasing shadows?
File this whole subject under You Gotta Be Kidding Me.
god is dead
My $.02
Wrong!! This would be like Someone breaking into your home, finding your gun, and then using it to kill someone. Furthermore, as to the "Running a redlight" line, **If** the car was reported stolen then you would not be responsible for the ticket. There are restrictions however, lets say your gun was stolen from your front porch then the case would be that you failed to take basic precautions to prevent the theft and therefor you would bear some responsibility for any and all crimes it was used in.
It's hard to overload a major site with T3 or more bandwidth coming in just by sending junk packets that don't do anything. Web sites generally have equal bandwidth going in and out, but send far more than they receive. So there's lots of excess inbound capacity. Dropping an inbound packet is a cheap operation.
The problem with SYN floods is that the server resources used are all out of proportion to the message sent. One TCP SYN message with a random IP address chews up a few K of server RAM for tens of seconds, maybe a minute. In some servers, each TCP SYN uses a slot in the pending-connection queue for the socket at which they're aimed, and worse, some servers have only a few such slots. Those servers can be locked up with a very modest attack bandwidth.
There are a few other problems, such as machines dumb enough to reply to ICMP broadcast packets and, even dumber, those that will allow an outsider to get the UDP junk message generator service (which nobody needs turned on) talking to the UDP echo service (which isn't very useful either). But those are out-and-out bugs, for which fixes are known.
Once you plug all the holes which allow small amounts of one-way attack data to use large amounts of server resources, the problem should become manageable.
All this assumes that the number of attacking zombies is in the thousands, not the hundreds of thousands. I agree that if someone takes over enough machines, and aims them all at the same target, it creates more difficult problems. But that's a lot of zombies to run without somebody figuring out who's behind the attack.
John Nagle
Menlo Park, CA
Once you stop SYN flood attacks, and have the fixes in for stupid bugs like the "Ping of death" and IP broadcast packet expansion, everything else that can happen has a reachable IP address associated with it. Those attacks are traceable back at least one level, and you can make them ineffective by imposing some kind of quota system or block based on source IP address at various levels of the server. Web servers like Apache might need to be smartened up a bit so they don't choke when a huge number of requests come in from the same IP address (and that mechanism needs to know about major proxy servers like AOL), but that's not too tough.
The key points to understand are this:
John Nagle / Menlo Park, CA
The FBI should be investigating how they can change this. I don't think they can ever truly "secure" the Internet the way they'd like, but it would be more useful than tracking down the person responsible for this. What will they find even if they do catch him? Probably an idealist techno-anarchist student, a 16-year-old scriptkiddie or an "IRC wargroup" that rooted a couple of machines and decided to have some fun with it. Either way he won't be able to pay for the damages or help solve the problem in any way.
And who cares about bringing this person to justice? Locking him up will sooner turn him into a martyr, only evoking more DoS-attacks.
But i really don't think they're stupid enough to initiate gigantic DoS attacks from systems they could be tied to... i dunno, maybe they ARE that dumb... it seems like if that were the case the FBI would have no trouble tracking them down... just follow the boasts. My own personal opinion is that these attacks originated overseas, korea, china, russia. Either way, no one will ever be brought to justice unless they get caught boasting, unless of course they were indeed dumber than my dad clicking on banner ads with the little windows close "x" in them to get rid of them.
Should I pack my bags?
Network Security: It always comes down to a big guy with a gun.
I've see "h4x0r" suggested... after all, it's what they call themselves. And I think the mere term is appropriately derogatory...
That's a rather scary thought. Say goodbye to:
* ping -f
* saint
* tcpdump
* crashme
* crack
* nmap
All of which are legitmately very useful for administration, debugging, security testing, etc. But yes, they can be used maliciously.
Oh, and every report of every security hole, and especially the exploits. Damn, the writeup of the new buffer overflow in sendmail (or whatever) could be used maliciously, guess it would be illegal to send it to bugtraq. Of course, it also won't be fixed, thus making things *less* secure...
I really hope you're wrong.
But it sounds much cooler!
Get your own clue.
Stanford is one of the top CS schools around, they oughta know better. On the other hand, they also probably have one of the best connections. As for UCSB, they were in one of the very first ARPAnet tests back in the 60s, so they should know what they're doing with this stuff, too.
WARNING: there is a trojan on your
Trying to track down (hackers|crackers|31337 skript k1dd13z) by going to the geographical location of one (set) of the machines that they were able to control is highly illogical from a technological standpoint.
I'm sure everybody was aware of that, but I felt the need to bring it up.
Sure, it helps if you look at the box(en) that were cracked, but is there really a need to chase rainbows at the physical location? Obviously, from all the n places that one could access the net (of which California is one), the possibility that the crackers are located in California is 1/n.
In all likelihood, this was not "the region from which the attacks most likely originated..." unless the machines' logs show evidence of physical tampering. OTOH, this could be part of their publicity stunt to show that they're going to "really do something about this."
"...a flood of hacker messages..." LMAO.
--
We have fought the AC's, and they have won.
Think undead, mindless drones simply and slavishly doing whatever they're told... Oh, wait a minute, you asked about zombie sites, not Micros~1 operating systems. :)
Seriously, though, methinks it's a word that the media just invented in their attempt to describe what's going on to a techno-illiterate public. I'm surprised it hasn't happened before... :)
--
We have fought the AC's, and they have won.
Ok, let's be realistic now. In real life, do cops go to every house and search just to check if there're loads of crack lying around? Hell no. At least in the US, laws postulate necessity good reason for search warrants. Port scans are, to within reason, equivalent. No one wants FBI sniffing at their boxes all the time -- just because of the unnecessary traffic if nothing else.
The real answer lies in assigning liability to anyone who left their system insecure and allowed it to become an intermediate point in an attack. No more of this "oh they are victims too" bullshit. If your system's hole is used to cause damage elsewhere, it's your fault. While some laws currently propose that, it has not been enforced. It needs to be. Administering a system on the net should be a responsibility, and leaving holes (especially known holes) around is a sign of an irresponsible sysadmin. Start enforcing this, and the world will have less moron sysadmins. In case y'all don't remember, the 'net was started back in the days where the very few who were given admin access knew what they were doing, and was largely based on that premise. The further we stray from that, the more of these attacks we'll see.
// zyqqh
Could someone please explain "zombie" sites for me? Thanks.
Lets stop praying for someone to save us and save ourselves. ~KMFDM
- Think for yourself, question authority.-
I like that "Linux is unhackable".
If you've ever been to rootshell.com you'd see there are plenty known bugs in linux. It is absurd to believe that it is not possible for linux to be invicible to this kind of problem because no operating system is perfectly secure because there are many people out there trying every day to find holes in the system. As to why use Solaris, it is better supported. Easier to install and set up, and unless you are running a huge network, it works perfectly. So its easier to use, more supported and solves people's needs. That is hwy people use solaris!
Look guys, let the flames descend, but the FBI isn't exactly stupid. "You fools, this is a global internet, the attackers could be anywhere." I find it hard to believe that out of all of the people employed by the FBI there are people who seriously believe otherwise.
I submit the following suggestion: mostly, this is for show. Yeah, most of the gumshoe work is going to be in analyzing server logs, and perhaps having a heart-to-heart with whatever equipment was compromised. But to most people, that's going to look like 'sitting around in washington.' So oooh, ahh, look at the FBI, they're moving around and doing stuff.
But here's the key folks: they are doing stuff. My guess is because of the angry advertisers losing "millions" of dollars, yeah, there's some pressure to get this done fast. I'd imagine they actually are checking every lead, you know? It's not like there aren't geeks that work for the FBI, you know?
So say whatever you want about the politics of all this (hey, that NSA theory is.. interesting after all), but give the FBI a liiiiiittle slack on this, they're not as dumb as is popular to say.
Maybe I'm wrong here, but isn't a DoS attack more against the pipe than the actual box? I mean, let's say I see a huge flood of packets coming from one IP. I tell my box to ignore them. All well and good, but aren't the incoming packets still clogging the pipes? Given enough brute force, you could clog anything up like that. Which, I'd have thought for companies as advanced as those hit (esp. Yahoo!) is what the problem was.
All of this wailing and gnashing of teeth is totally misplaced. Really, nothing happened. No one lost any money. The lost page views for one hour were more than made up for by new visits following all the publicity. Yahoo, e*trade and the rest would have had to pay $millions for this sort of publicity (well at least $100,000s). Share prices went up. The atacks will serve as a wake up call to administrators and service providers to increase security, and the internet will be enhanced. The only danger is thet the government uses this as an excuse to increase control over the internet. An by talking here as if this is a big problem, you are helping the government do just that. If the *insiders* agree that somthing is seriously wrong, they will say, that proves there really is a problem. Lets legislate.
Black Thursday n.
February 8th, 1996 - the day of the signing into law of the CDA (Communications Decency Act), so called by analogy with the catastrophic "Black Friday" in 1929 that began the Great Depression.
-- The New Hackers Dictionary
Note the attacks occured the day before, the day of and the day after the aniversery of the day that the CDA was signed into law.
They took out sites using high amounts of seemingly-normal traffic - indistinguishable, perhaps.
Too bad they didn't think to direct 5% of their total traffic to the cause of seemingly-normal advertising banner traffic.
That would be so cool. And if the total traffic for advertising banners went up somehow, we might see all the major ad banner companies crashing (or profiting, depending on who they are). No more banners on Yahoo? I'd love it!
Or they could just make a virus that joins a network processing cluster while it infects. Apply Jini to software technology and Beowulf, perhaps. The fun could be enormous.
reading the news most people think distributed denial of service was invented this week. That is not entirely the case. There is an IRC channel invented by "oddone" called #mocklamer on effnet. http://www.geocities.com/SiliconValley/Bay/4397/in dex.html It forms the principals of a distributed attack. #mocklamer is just that however. Everyone in the channel can request that an individual become the target of every ones ridicule. "Scoobster", the programmer of an IRC script called littlestar included support for both mocklamer and nukes of various types. one of those nuke programs is now widely recognized as one of the first trojan horses. The victims of the distributed denial of service attacks received huge ICMP bombs. The author of littlestare included a program to send those too. The supposed author of the program responsible for the attacks stated in an interview with zdnet that he got his start hacking effnet. I just can't help but noticing how interesting that is. Can you? For all you super cool wannabe H4XORS and script kiddies. The ground is littered with the corpses of freedoms lost. A secure Internet is also an un-free Internet. You folks out there who are busy pointing out the security holes in the internet and writing programs to post on hacker sites are wrong. Countries go to war for money. The US has gone to war for as little as 3 million 1999 adjusted dollars. Guns cause us to loose money? take 'em away. Make prostitution illegal? no way it's a free country. HAHA. Computers cause us to loose money? Take 'em away. And don't say "Oh no, computers are here to stay, there so useful and necessary." At one time the same was said about guns. You might be a master of software but the US regulates the hardware. You are just a punk with a gameboy when the feds shut down your router. So... keep it up. You need a license to own a dog. What makes you think that your computer privileges are rights? Remember, the constitution poses no threat to our current form of government. Keep it up. This gave you a cold pit in your belly? Fix it. Start at home though.
If voting were effective, it would be illegal by now.
Actually, the computer that allegedly was the source of "some" of the DDoS attack was a located at a remote research facility near Monterey.
Other than the odd grammatical error, you had a half-decent post going until your last sentence, which immediately relegated you to *idiot* status. If you think for one minute that the few hours a day you spend *learning* your *job* makes you superior in knowledge to ANY *professional* system administrator, then you you don't have the sense that god gave a chimpanzee. Think before you speak. There are *professional* System and Security administrators out there who have forgotten VOLUMES more about system and network administration than you apparently will ever know.
The clueless press endlessly bemoans the loss of a few hour's business by relative newcomers to the net, yet it ignores the rapidly changing trends in cyber traffic that threatens the last free-thought zone on the planet. The net system is being changed from a free zone of intellectual exchange to another tool of mega-commerce for the sole purpose of extracting bucks from the populace.
Could it be that these latest contortions on the net are but the early stages of a groundswell of reprisals to the changes of late, such changes exemplified by the "dotcom" Superbowl? It is rather conspicuous that all of the attacked sites are commercial. The FBI is obviously scrambling to nab these native "terrorists", regardless of their motive, so that the new frontier of commercial cyberspace can be safe and expand. Wait, didn't we play this scenario out in the 19th century? The next step is to herd the rest of us to "Oklahoma.gov"
I'm sure most geeks around knows what Road Runner is, but for those who don't, it's the cable 'net service for the Akron, OH area (Or at least that's the division of Road Runner that I'm talking about.) Monday at about the same time as Yahoo!'s DoS attack, several of Road Runner's routers went down. I don't know the specifics, but it seems a little too coincidental... Anyone have any specifics on whether this is releated or not?
-Pope Peter Porker, S.O.W., K.M.K.R., U.G.O.A., F.S.G.S.D.